Description
As Staff Cloud Security Engineer at Ledger, I share how we protect the infrastructure behind one of the world’s leading cryptocurrency security companies. This case study explores our journey from fragmented security visibility to comprehensive cloud protection across our multi-cloud environment.
In this talk, I discuss how Ledger leverages Wiz’s Cloud Native Application Protection Platform (CNAPP) both to secure our internal infrastructure and to protect our customers’ sensitive data. We’ll cover practical implementations including:
- Multi-cloud visibility: How we gained complete oversight across our entire cloud footprint
- Risk prioritization: Moving from hundreds of unactionable alerts to contextualized, prioritized threats
- Shift-left security: Integrating Wiz Code with GitHub to catch misconfigurations before deployment
- Data protection: Using Wiz DSPM to ensure compliance with financial services regulations
- Runtime security: Deploying Wiz Sensor across virtual machines for real-time threat detection
Key outcomes include supporting 200+ developers on a centralized security solution, automating compliance through Kubernetes admission control, and demonstrating security excellence that builds customer trust in our cryptocurrency security products.
Customer story on Wiz website: Protecting Ledger’s infrastructure
Key Highlights
“We sell security products, so to build our customers’ trust in our solutions, we have to be transparent about how we’re keeping them safe.” - Enguerrand Allamel, Staff Cloud Security Engineer at Ledger
Challenge
- Multi-cloud complexity: Growing multi-cloud environment requiring centralized security management
- High-stakes industry: Cryptocurrency sector faces frequent targeting and needs rapid threat identification
- Regulatory compliance: Strict financial services regulations requiring proactive compliance monitoring
- Developer productivity: Need to shift security left without blocking development workflows
Solution
- Complete visibility: Comprehensive oversight across entire cloud footprint to uncover vulnerabilities
- Risk prioritization: Contextualized threat assessment helping teams focus on critical issues first
- Automated compliance: Security policies built directly into Kubernetes admission processes
- Developer integration: 200+ developers using unified security solution throughout development lifecycle
Technologies & Integrations
- Wiz CNAPP: Comprehensive cloud security platform
- Wiz Code: GitHub integration for secure development
- Wiz DSPM: Data Security Posture Management for sensitive data protection
- Wiz Sensor: Runtime threat detection across virtual machines
- Kubernetes: Admission control security policies
- Multi-cloud: AWS, GCP, Azure environments
Impact & Results
✅ Centralized Security: Single platform supporting 200+ developers across multiple teams
✅ Proactive Protection: Real-time threat detection with contextualized risk prioritization
✅ Compliance Automation: Built-in security policies ensuring regulatory adherence
✅ Developer Empowerment: Security integrated into GitHub workflows without blocking deployment
✅ Customer Trust: Transparent security practices strengthening brand credibility